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-• The MAILING DATE of this communication appears on the cover sheet with the correspondence address - 
Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 .136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1)13 Responsive to communication(s) filed on 06 February 2007 . 
2a)Q This action is FINAL. 2b)S This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quay/e, 1935 CD. 11, 453 O.G. 213. 

Disposition of Claims 

4) ^ Claim(s) 1-3,5-13.19 and 25 is/are pending in the application. 

4a) Of the above claim(s) . is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) £3 Claim(s) 1-3,5-13.19 and 25 is/are rejected. 

7) D Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10)[x] The drawing(s) filed on 06/14/2001 is/are: a)[X] accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 

Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 
11 )□ The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12)D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f). 
a)D All b)D Some * c)D None of: 

1 .□ Certified copies of the priority documents have been received. 

2.Q Certified copies of the priority documents have been received in Application No. . 



3.Q Copies of the certified copies of the priority documents have been received in this National Stage 
application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
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DETAILED ACTION 

Response to Amendment 

1 . Applicant's amendment and arguments, filed on 02/06/2007, with respect to 
claims 1-3, 5-13, 19 and 25 have been fully considered but are moot in view of the new 
ground(s) of rejection. 

The 1 12.2 rejection in last office action is withdrawn. 
Claims 4, 14-18, 20-24 and 26 have been canceled. 

Claim Rejections - 35 (JSC § 101 

2. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 

3. Claim 19 is rejected under 35 U.S.C. 101 because the claimed invention is 
directed to non-statutory subject matter. 

Claim 19 is nonstatutory because they are directed to a computer program per se 
since it is not embedded in a computer readable medium as set forth in p.52 of the 
interim Guideline. 

Furthermore, for claim 19, the specification on page 19 lines 30-31 stated the 
computer program is "in the loaded or transport process, data signals that are embodied 
in carrier waves communicate with code segments, thus making the medium for 
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storing the computer program a signal. Hence, in light of this the claims are nothing 
more than a signal and are directed to nonstatutory subject matter. 



Claim Rejections - 35 USC § 103 

4. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 1 02 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

5. Claim 1 is rejected under 35 U.S.C. 103(a) as being unpatentable over US 
patent 5, 727,146 ("Savoldi et al.") in view of US patent 6,744,767 ("Chiu et al.") and 
further in view of US patent 6,771 ,674 B1 ("Schuster et al."). 

Regarding Claim 1. Savoldi et al. teach a method of dynamically protecting 
network access using packet source address, comprising of 

receiving, in a system, a data unit (51 as packet) containing a source address 
indicating a source of a data unit (packet), 

matching the source address with information stored in the system (50), and 

enabling entry of the data unit (packet) to the first network if the source address 
matches the information stored in the system (52) and denying entry (with error) of the 
data unit to the first network if the source address does not match the information stored 
in the system (52) (See Fig. 7, Col. 1 , line 61 - Col. 2, line 8), and 
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indicating occurrence of an attack of the first network in response to determining 
that the identifier of allow/request configuration field that does not match the stored 
allow/request configuration field (See Fig. 4, Col. 3, lines 58-63). 

Savoldi et al. teach substantially all the claimed invention but did not disclose 
expressly the particular application involving limitations of 

"a storage module to store a threshold value for a communications session, the 
threshold value representing an acceptable rate of incoming data units from the external 
network to the first network" and 

"a controller adapted to deny further entry of data units from the external network 
to the first network in the communications session in response to the controller 
detecting that the rate of incoming data units exceeds the threshold value". 

Chiu et al. teach a method and networks of voice gateways (22) for bandwidth 
management during implementation of Quality of Service using Internet Protocol 
provisioning including 

a storage module (54 memory buffer) (See Fig. 2, Col 5, lines 53-55) to store a 
threshold value (global and local thresholds) for a communications session, the 
threshold value representing an acceptable rate of incoming data units from the external 
network to the first network (maximum incoming packet rate), and 

a controller (51 ) adapted to deny further entry of data units from the external 
network to the first network in the communications session in response to the controller 
detecting that the rate of incoming data units exceeds the threshold value (See Fig. 2, 
Col. 5, lines 32-58). 
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At the time the invention was made, therefore, it would have been obvious to one 
of ordinary skill in the art to which the invention pertains to combine Chiu et al. in 
Savoldi et al. in order to obtain a method of dynamically protecting network access 
using packet source address and to take advantage of a memory buffer to store a global 
and local thresholds for a communications session, representing an acceptable 
maximum incoming packet rate and a controller to deny further entry of data units from 
the external network to the first network in the communications session in response to 
the controller detecting that the rate of incoming data units exceeds the acceptable 
maximum incoming packet rate. 

The motivation to do so would have been to store a global and local thresholds to 
a memory buffer for a communications session, representing an acceptable maximum 
incoming packet rate and a controller to deny further entry of data units from the 
external network to the first network in the communications session in response to the 
controller detecting that the rate of incoming data units exceeds the acceptable 
maximum incoming packet rate, as suggested by Chiu et al. in Fig. 2, Col. 5, lines 32- 
58. 

Savoldi et al. and Chiu et al. teach substantially all the claimed invention but did 
not disclose expressly the particular application involving limitations of "the identifier is 
of codec type". 

Schuster et al. teach a method for a real-time packet voice data network that it is 
common for the real-time packet to include header (identifier) containing the specific 



Application/Control Number: 09/881 ,604 Page 6 

Art Unit: 2616 

voice codec type (such as G.729, G.731) for real time voice application (See Col. 2, 
lines 36-52). 

At the time the invention was made, therefore, it would have been obvious to one 
of ordinary skill in the art to which the invention pertains to combine Schuster et al. in 
Savoldi et al. and Chiu et al. in order to obtain a method of dynamically protecting 
network access using packet source address and to take advantage of including the 
header with the specific voice codec type in real-time packet. 

The motivation to do so would have been to include the header with the specific 
voice codec type in real-time packet for real time voice application, as suggested by 
Schuster et al. in Col. 2, lines 36-52. 

4. Claims 5-13, 19 and 25 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over US patent 5, 727,146 ("Savoldi et al.") in view of US patent 6,744,767 
("Chiu et al.") and US patent 6,771,674 B1 ("Schuster et al.") and further in view of US 
patent 6,944,673 B2 ("Malan et al."). 

Regarding Claim 5, Savoldi et al. and Chiu et al. and Schuster et al. teach 
substantially all the claimed invention but did not disclose expressly the particular 
application involving limitations of 

"profiling scheme by protocol filter and security action of generating a report that 
an attack is occurring". 
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Malan et al. teach a method for networks profiling relating to common denial of 
service attack tracking technique including steps of examining multiple layers of the 
protocol stack and including the data and blocking at any layer or depth if violation 
happened (See Col. 2, lines 5-16) and generating a report that an attack is occurring 
(See Fig. 7, Col. 10, lines 6-35). 

At the time the invention was made, therefore, it would have been obvious to one 
of ordinary skill in the art to which the invention pertains to combine Malan et al. in 
Savoldi et al. and Chiu et al. and Schuster et al. in order to obtain a method of 
dynamically protecting network access using packet source address and to take 
advantage of a common denial of service attack tracking technique including steps of 
examining multiple layers of the protocol stack and including the data and blocking at 
any layer or depth if violation happened and generating a report that an attack is 
occurring. 

The motivation to do so would have been to use a common denial of service 
attack tracking technique including steps of examining multiple layers of the protocol 
stack and including the data and blocking at any layer or depth if violation happened 
and generating a report that an attack is occurring, as suggested by Malan et al. in Col. 
2, lines 5-16 and Col. 10, lines 6-35. 

Regarding Claim 7-13, 19 and 25. Chiu et al. teach a method and networks of 
voice gateways (22) for bandwidth management during implementation of Quality of 
Service using Internet Protocol by a controller (51 ) adapted to deny further entry of data 
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units from the external network to the first network in the communications session in 
response to the controller detecting that the rate of incoming data units exceeds the 
threshold value (See Fig. 2, Col. 5, lines 32-58). 

At the time the invention was made, therefore, it would have been obvious to one 
of ordinary skill in the art to which the invention pertains to combine Chiu et al. in 
Savoldi et al. and Schuster et al. and Malan et al. in order to obtain a method of 
dynamically protecting network access using packet source address and to take 
advantage of measuring the predetermined bandwidth requirement by detecting that the 
rate of incoming data units exceeds the threshold value. 

The motivation to do so would have been to measure measuring the 
predetermined bandwidth requirement detecting that the rate of incoming data units 
exceeds the threshold value, as suggested by Chiu et al. in Col. 5, lines 32-58. 

Regarding Claim 6, as discussed above, Savoldi et al. and Schuster et al. and 
Malan et al. teach substantially all the claimed invention but did not disclose expressly 
the particular application involving limitations of 

"check if the incoming data unit contains a Real-Time Protocol or Real-Time 
Control Protocol payload, and to deny further entry of the incoming data unit if the 
incoming data unit does not contain a Real-Time Protocol or Real-Time Control Protocol 
payload". 

Chiu et al. further teach that checking for VoIP packet with User Datagram 
Protocol and Real Time Protocol (See Col. 9, lines 48-55). 
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At the time the invention was made, therefore, it would have been obvious to one 
of ordinary skill in the art to which the invention pertains to combine Chiu et al. with 
Savoldi et al. and Malan et al. in order to obtain a method of dynamically protecting 
network access using packet source address and to take advantage of checking for 
VoIP packet with User Datagram Protocol and RTP. 

The motivation to do so would have been to check for VoIP packet with User 
Datagram Protocol and Real Time Protocol, as suggested by Chiu et al. in Col. 9, lines 
48-55. 

6. Claims 2-3 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
US patent 5, 727,146 ("Savoldi et al.") in view of US patent 6,771 ,674 B1 ("Schuster et 
al." and US patent 6,744,767 ("Chiu et al.") and US patent 6,944,673 B2 ("Malan et al.") 
and further in view of US patent 6,928,082 B2 ("Liu et al."). 

Regarding claim 2 , Liu et al. teach a network access method wherein it is a 
fundamental network address translation scheme by matching the source address with 
one or more entries of a network address translation mapping table server (26) (See 
Col. 8, lines 2-13). 

At the time the invention was made, therefore, it would have been obvious to one 
of ordinary skill in the art to which the invention pertains to combine Liu et al. with 
Savoldi et al. and Schuster et al. and Chiu et al. and Malan et al. in order to obtain a 
method of dynamically protecting network access using packet source address and to 
take advantage of matching the source address with one or more entries of a network 
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address translation mapping table server as a fundamental network address translation 
scheme. 

The motivation to do so would have been to match the source address with one 
or more entries of a network address translation mapping table server as a fundamental 
network address translation scheme, as suggested by Liu et al. in Col. 8, lines 2-13. 

Regarding claim 3, Liu et al. further teach that matching the source address 
comprises matching an Internet Protocol (IP) address (See Col. 5, lines 64-67). 

At the time the invention was made, therefore, it would have been obvious to one 
of ordinary skill in the art to which the invention pertains to combine Liu et al. with 
Savoldi et al. and Schuster et al. and Chiu et al. and Malan et al. in order to obtain a 
method of dynamically protecting network access using packet source address and to 
take advantage of matching an Internet Protocol address as source address. 

The motivation to do so would have been to match an Internet Protocol address 
as source address as a fundamental network address translation scheme, as suggested 
by Liu et al. in Col. 5, lines 64-67. 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Richard Chang whose telephone number is (571) 272- 
31 29. The examiner can normally be reached on Monday - Friday from 8 AM to 5 PM. 
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If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Wing Chan can be reached on (571 ) 272-7493. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-21 7-91 97 (toll-free). J ,s ^ - 



Richard Chang 
Patent Examiner 
Art Unit 2616 
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